56fec181f0b43afa87d7cb76fbc5523ae788e5fed56356d5732a2f2b2cf6ab88

Analysis

max time kernel
40s
max time network
44s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
10-10-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vencord-v1.0.6.apk
Size

1.2MB
MD5

c7a2996b321266ee65a05265ca8dfc71
SHA1

8bebb56419b329f15065ae9908bfb26f59d91a2e
SHA256

56fec181f0b43afa87d7cb76fbc5523ae788e5fed56356d5732a2f2b2cf6ab88
SHA512

63b6c9b37a5f1734a18e5dedfc1415bfc42f815afcef342cfac6f3bfb5fcffdcea7fe26ed0abb46b18fbaf905e196092ff3c7955e7d3e2dec0cd8104dacd2721
SSDEEP

24576:tdqbaAnGsPRwn4izoTu6tmkXYhafQTnHyxJhRwvarW6uMDT6nmtiS7bszq7K:tdqLGw6n4GujXKV7HyxJwvF46nmtiZqK

Score

7^/10

collection credential_access impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	dev.vendicated.vencord

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
48	discord.com
49	discord.com
42	discord.com
43	discord.com
38	discord.com
40	discord.com
41	discord.com
44	discord.com
47	discord.com
36	discord.com
37	discord.com
35	discord.com
39	discord.com
45	discord.com
46	discord.com
31	discord.com
32	discord.com

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	dev.vendicated.vencord

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	dev.vendicated.vencord

dev.vendicated.vencord
1⤵
- Obtains sensitive information copied to the device clipboard
- Checks CPU information
- Checks memory information
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads